code improve and bugfix

Signed-off-by: zhongtao <zhongtao17@huawei.com>
(cherry picked from commit 287b224ffae5e96750bd13f62b91e8ec09dfb4fa)
zhongtao 2024-06-11 19:55:44 +08:00 committed by openeuler-sync-bot
parent bb31f4443e
commit d212adab19
24 changed files with 3403 additions and 1 deletions


@ -0,0 +1,359 @@
From 3fb6de60ecf10278a676a41f8d0c334d1f90d303 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 17 Apr 2024 18:02:48 +0800
Subject: [PATCH 086/108] cdi:test case and gateway
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/make-and-install.sh | 2 +-
CI/test_cases/container_cases/cdi_test.sh | 205 ++++++++++++++++++
.../criconfigs/container-config-cdi.json | 50 +++++
.../test_data/cdi_devices.json | 53 +++++
4 files changed, 309 insertions(+), 1 deletion(-)
create mode 100755 CI/test_cases/container_cases/cdi_test.sh
create mode 100644 CI/test_cases/container_cases/criconfigs/container-config-cdi.json
create mode 100644 CI/test_cases/container_cases/test_data/cdi_devices.json
diff --git a/CI/make-and-install.sh b/CI/make-and-install.sh
index 9d4c5533..61281965 100755
--- a/CI/make-and-install.sh
+++ b/CI/make-and-install.sh
@@ -105,7 +105,7 @@ cd build
if [[ ${enable_gcov} -ne 0 ]]; then
cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DCMAKE_BUILD_TYPE=Debug -DGCOV=ON -DENABLE_EMBEDDED=ON -DENABLE_COVERAGE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_UT=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
else
- cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
+ cmake -DLIB_INSTALL_DIR=${builddir}/lib -DCMAKE_INSTALL_PREFIX=${builddir} -DCMAKE_INSTALL_SYSCONFDIR=${builddir}/etc -DENABLE_EMBEDDED=ON -DENABLE_METRICS=ON -DENABLE_REMOTE_LAYER_STORE=ON -DENABLE_CRI_API_V1=ON -DENABLE_CDI=ON -DENABLE_GRPC_REMOTE_CONNECT=ON ..
fi
make -j $(nproc)
make install
diff --git a/CI/test_cases/container_cases/cdi_test.sh b/CI/test_cases/container_cases/cdi_test.sh
new file mode 100755
index 00000000..dd7b1177
--- /dev/null
+++ b/CI/test_cases/container_cases/cdi_test.sh
@@ -0,0 +1,205 @@
+#!/bin/bash
+#
+# attributes: isulad cdi
+# concurrent: NA
+# spend time: 41
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# - http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: liuxu
+##- @Create: 2024-04-16
+#######################################################################
+
+source ../helpers.sh
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/criconfigs)
+pause_img_path=$(realpath $curr_path/test_data)
+cdi_static_dir="/etc/cdi"
+
+function do_pre()
+{
+ cp /etc/isulad/daemon.json /etc/isulad/daemon.bak
+ sed -i "s#\"pod-sandbox-image\": \"\"#\"pod-sandbox-image\": \"mirrorgooglecontainers/pause-amd64:3.0\"#g" /etc/isulad/daemon.json
+ sed -i "/\"cni-conf-dir\": \".*\"/a\ \ \ \ \"enable-cri-v1\": true," /etc/isulad/daemon.json
+ sed -i "/\"cni-conf-dir\": \".*\"/a\ \ \ \ \"enable-cdi\": true," /etc/isulad/daemon.json
+
+ check_valgrind_log
+ start_isulad_without_valgrind
+
+ isula load -i ${pause_img_path}/pause.tar
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to load pause" && return ${FAILURE}
+
+ isula pull busybox
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to pull busybox" && return ${FAILURE}
+
+ crictl images | grep "mirrorgooglecontainers/pause-amd64"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to find mirrorgooglecontainers/pause-amd64 image" && return ${FAILURE}
+
+ return 0
+}
+
+function do_post()
+{
+ cp -f /etc/isulad/daemon.bak /etc/isulad/daemon.json
+ check_valgrind_log
+ start_isulad_without_valgrind
+}
+
+function verify_injected_vendor0() {
+ # check env
+ output=$(crictl exec --sync "$1" sh -c 'echo $VENDOR0')
+ [[ "$output" != "injected" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE}
+
+ # check hooks
+ cat /tmp/cdi_hook_test.log | grep "prestart"
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - hook check failed" && return ${FAILURE}
+
+ # check mounts
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /tmp/cdi_mounts_test')
+ [[ "$output" != "755" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mount check failed" && return ${FAILURE}
+
+ return 0
+}
+
+function verify_injected_loop8() {
+ # check env
+ output=$(crictl exec --sync "$1" sh -c 'echo $LOOP8')
+ [[ "$output" != "CDI8" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE}
+
+ # check device nodes
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /dev/loop8')
+ [[ "$output" != "640" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop8')
+ [[ "$output" != "7.8" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop8c')
+ [[ "$output" != "7.b" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+
+ # check mounts
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /tmp/cdi_mounts_test_loop8')
+ [[ "$output" != "755" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - mount check failed" && return ${FAILURE}
+
+ return 0
+}
+
+function verify_injected_loop9() {
+ # check env
+ output=$(crictl exec --sync "$1" sh -c 'echo $LOOP9')
+ [[ "$output" != "present" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - env check failed" && return ${FAILURE}
+
+ # check device nodes
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %a /dev/loop9')
+ [[ "$output" != "644" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+ output=$(crictl exec --sync "$1" sh -c 'stat -c %t.%T /dev/loop9')
+ [[ "$output" != "7.9" ]] && msg_err "${FUNCNAME[0]}:${LINENO} - device nodes check failed" && return ${FAILURE}
+
+ return 0
+}
+
+function check_full_cdi()
+{
+ verify_injected_vendor0 $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_vendor0 failed" && return ${FAILURE}
+
+ verify_injected_loop8 $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_loop8 failed" && return ${FAILURE}
+
+ verify_injected_loop9 $1
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - verify_injected_loop9 failed" && return ${FAILURE}
+
+ return 0
+}
+
+function do_test_help()
+{
+ msg_info "cdi test starting..."
+
+ isula rm -f `isula ps -a -q`
+
+ sid=`crictl runp ${data_path}/$1`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - Failed to run sandbox" && return ${FAILURE}
+
+ cid=`crictl create $sid ${data_path}/$2 ${data_path}/$1`
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create container failed" && return ${FAILURE}
+
+ crictl start $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - start container failed" && return ${FAILURE}
+
+ crictl stats
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stats container failed" && return ${FAILURE}
+
+ check_full_cdi $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - check cdi failed" && return ${FAILURE}
+
+ crictl stop $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop container failed" && return ${FAILURE}
+
+ crictl rm $cid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm container failed" && return ${FAILURE}
+
+ crictl stopp $sid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - stop sandbox failed" && return ${FAILURE}
+
+ crictl rmp $sid
+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - rm sandbox failed" && return ${FAILURE}
+
+ return 0
+}
+
+function do_test_full_cdi()
+{
+ if [ ! -d "$cdi_static_dir" ]; then
+ mkdir -p "$cdi_static_dir"
+ fi
+ cp -f ${pause_img_path}/cdi_devices.json ${cdi_static_dir}/cdi_devices.json
+
+ mkdir -p /tmp/cdi_mounts_test
+ cat > /tmp/cdi_mounts_test_loop8 << EOF
+origin data
+EOF
+ chmod 755 /tmp/cdi_mounts_test_loop8
+ mkdir -p /tmp/cdi_mounts_test_loop9
+
+ mknod /dev/loop8 b 7 8
+ mknod /dev/loop9 b 7 9
+ mknod /dev/loop8c c 7 11
+
+ cat > /tmp/cdi_printargs.sh << EOF
+#!/bin/bash
+echo "\$(date +'%Y-%m-%d %H:%M:%S') Input parameter: \$1 \$2" >> /tmp/cdi_hook_test.log
+EOF
+ chmod 755 /tmp/cdi_printargs.sh
+
+ do_test_help "sandbox-config.json" "container-config-cdi.json" || ((ans++))
+
+ rm -f /tmp/cdi_printargs.sh
+ rm -f /tmp/cdi_hook_test.log
+ rm -f /dev/loop8
+ rm -f /dev/loop9
+ rm -f /dev/loop8c
+
+ rm -f ${cdi_static_dir}/cdi_devices.json
+ rm -f /tmp/cdi_printargs
+ rmdir /tmp/cdi_mounts_test
+ rm -f /tmp/cdi_mounts_test_loop8
+ rmdir /tmp/cdi_mounts_test_loop9
+ rm -f /tmp/cdi_printargs.sh
+
+ return 0
+}
+
+declare -i ans=0
+
+do_pre || ((ans++))
+do_test_full_cdi || ((ans++))
+do_post
+
+show_result ${ans} "${curr_path}/${0}"
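Review bot: `do_test_full_cdi` writes the hook script to the fixed path `/tmp/cdi_printargs.sh` with `cat >`, and `cdi_devices.json` registers that path as a prestart/poststart/poststop hook, so the runtime executes a file from a world-writable directory, presumably with the daemon's privileges on the CI host. A file or symlink already present under that name is followed and overwritten, and on a shared runner the script can be replaced between `chmod 755` and container start. Creating the fixtures in a private directory (`fixture_dir=$(mktemp -d)`) and writing that path into the copied `cdi_devices.json` would remove the race. A `trap` that restores `/etc/isulad/daemon.json` and removes the `/dev/loop8`, `/dev/loop9` and `/dev/loop8c` nodes would also cover an aborted run. The cleanup block also contains `rm -f /tmp/cdi_printargs` (no `.sh`), which looks like a typo next to the two `rm -f /tmp/cdi_printargs.sh` lines.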
diff --git a/CI/test_cases/container_cases/criconfigs/container-config-cdi.json b/CI/test_cases/container_cases/criconfigs/container-config-cdi.json
new file mode 100644
index 00000000..b9805c8a
--- /dev/null
+++ b/CI/test_cases/container_cases/criconfigs/container-config-cdi.json
@@ -0,0 +1,50 @@
+{
+ "metadata": {
+ "name": "haozi"
+ },
+ "image":{
+ "image": "busybox:latest"
+ },
+ "command": [
+ "/bin/sh",
+ "-c",
+ "i=0; while true; do echo \"$i: $(date)\"; i=$((i+1)); sleep 10; done"
+ ],
+ "labels": {
+ "filter_label_key": "filter_label_val"
+ },
+ "annotations": {
+ "extension.network.kubernetes.io/cni/instancename": "pod_instance_name",
+ "cdi.k8s.io/test": "vendor0.com/device=loop8,vendor0.com/device=loop9"
+ },
+ "CDI_Devices":[
+ { "Name": "vendor0.com/device=loop8" },
+ { "Name": "vendor0.com/device=loop9" }
+ ],
+ "mounts" : [
+ {
+ "container_path": "/tmp/contpath",
+ "host_path": "/tmp/hostpath",
+ "readonly": true,
+ "selinux_relabel": true,
+ "propagation": 0
+ },
+ {
+ "container_path": "/tmp/contpath2",
+ "host_path": "/tmp/hostpath2",
+ "readonly": false,
+ "selinux_relabel": false,
+ "propagation": 0
+ }
+ ],
+ "linux": {
+ "security_context": {
+ "namespace_options": {
+ "host_network": true,
+ "host_pid": false,
+ "host_ipc": false
+ }
+ }
+ },
+ "log_path": "cri_test.log"
+}
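Review bot: The container requests the same two devices twice, once through the `cdi.k8s.io/test` annotation and once through the `CDI_Devices` list, so `cdi_test.sh` cannot tell which of the two paths performed the injection. If either path regresses, the checks in `verify_injected_loop8` and `verify_injected_loop9` would presumably still pass through the other one. Using one config per mechanism, or requesting `loop8` by annotation and `loop9` by `CDI_Devices`, would make each path observable.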
diff --git a/CI/test_cases/container_cases/test_data/cdi_devices.json b/CI/test_cases/container_cases/test_data/cdi_devices.json
new file mode 100644
index 00000000..f7fe65d4
--- /dev/null
+++ b/CI/test_cases/container_cases/test_data/cdi_devices.json
@@ -0,0 +1,53 @@
+{
+ "cdiVersion": "0.6.0",
+ "kind": "vendor0.com/device",
+ "annotations":{
+ "cdi_annotation":"cdi_annotation_value"
+ },
+ "devices": [
+ {
+ "name": "loop8",
+ "annotations":{
+ "loop8_annotation":"loop8_annotation_value"
+ },
+ "containerEdits": {
+ "env": [
+ "LOOP8=CDI8",
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dev"
+ ],
+ "deviceNodes": [
+ {"path": "/dev/loop8", "type": "b", "fileMode": 416},
+ {"path": "/dev/loop8c", "type": "c"}
+ ],
+ "mounts": [
+ {"hostPath": "/tmp/cdi_mounts_test_loop8", "containerPath": "/tmp/cdi_mounts_test_loop8", "options": ["ro","nosuid","nodev","bind"]},
+ {"hostPath": "tmpfs", "containerPath": "/tmp/data", "type": "tmpfs", "options": ["nosuid","strictatime","mode=755","size=65536k"]}
+ ]
+ }
+ },{
+ "name": "loop9",
+ "containerEdits": {
+ "env":["LOOP9=present"],
+ "deviceNodes": [{
+ "path": "/dev/loop9", "type": "b", "major": 7, "minor": 9, "fileMode": 420
+ }
+ ]
+ }
+ }
+ ],
+ "containerEdits": {
+ "env": [
+ "VENDOR0=injected",
+ "BAR=BARVALUE1"
+ ],
+ "hooks": [
+ {"hookName": "prestart", "path": "/tmp/cdi_printargs.sh", "args":["prestart0", "prestart1"], "env":["prestartenv=value"]},
+ {"hookName": "prestart", "path": "/tmp/cdi_printargs.sh", "args":["prestart0", "prestart1"], "env":["prestartenv=value"]},
+ {"hookName": "poststart", "path": "/tmp/cdi_printargs.sh", "args":["poststart0", "poststart1"], "env":["poststartenv=value"]},
+ {"hookName": "poststop", "path": "/tmp/cdi_printargs.sh", "args":["poststop0", "poststop1"], "env":["poststopenv=value"]}
+ ],
+ "mounts": [
+ {"hostPath": "/tmp/cdi_mounts_test", "containerPath": "/tmp/cdi_mounts_test", "options": ["ro","nosuid","nodev","bind"]}
+ ]
+ }
+}
\ No newline at end of file
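Review bot: The two `prestart` entries in the top-level `hooks` array are identical, while `verify_injected_vendor0` only greps the log for the word `prestart`, so the test passes whether the hook ran once, twice or was deduplicated. If the duplicate is meant to exercise repeated hooks, give the second entry distinct `args` and assert on both log lines; otherwise drop it. The `fileMode` values `416` and `420` are decimal for the octal modes 640 and 644 that the test expects, which is worth stating in the commit message since JSON has no comments.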
--
2.25.1

1690
0087-code-improve.patch Normal file

File diff suppressed because it is too large Load Diff


@ -0,0 +1,29 @@
From eba353bef72bf62cd47f1b03a9fbd4c621ad479e Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 16 May 2024 18:00:01 +0800
Subject: [PATCH 088/108] testcase:close cdi testcase
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/test_cases/container_cases/cdi_test.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CI/test_cases/container_cases/cdi_test.sh b/CI/test_cases/container_cases/cdi_test.sh
index dd7b1177..f9fd4567 100755
--- a/CI/test_cases/container_cases/cdi_test.sh
+++ b/CI/test_cases/container_cases/cdi_test.sh
@@ -198,8 +198,8 @@ EOF
declare -i ans=0
-do_pre || ((ans++))
-do_test_full_cdi || ((ans++))
-do_post
+# do_pre || ((ans++))
+# do_test_full_cdi || ((ans++))
+# do_post
show_result ${ans} "${curr_path}/${0}"
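Review bot: With the three calls commented out, `show_result ${ans}` still runs with `ans` at 0, so CI presumably reports this case as passed although nothing was executed and CDI injection is no longer covered. Neither the commit message nor the code gives a reason or a tracking reference for disabling it. A one-line comment above the block, such as `# TODO(<owner>): re-enable once <issue placeholder> is resolved`, plus `msg_info "cdi test skipped"` would keep the gap visible. Patch 086 leaves `-DENABLE_CDI=ON` in `CI/make-and-install.sh`, so the feature is still built but is now untested.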
--
2.25.1


@ -0,0 +1,68 @@
From 7fc8578097b9f8254962dc4fb277492b3251e5cb Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 16 May 2024 17:56:08 +0800
Subject: [PATCH 089/108] docs:update cni doc
Signed-off-by: liuxu <liuxu156@huawei.com>
---
README.md | 2 +-
README_zh.md | 2 +-
docs/design/README.md | 2 ++
docs/design/README_zh.md | 2 ++
4 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 694ddbc2..7ddc62ab 100644
--- a/README.md
+++ b/README.md
@@ -228,7 +228,7 @@ Using [ptcr](https://gitee.com/openeuler/ptcr) as a performance test tool , it s
The standard specification versions that `iSulad` is compatible with are as follows:
- Compatible with OCI 1.0.0.
-- Compatible with CNI 0.3.0 and above.
+- Compatible with CNI 0.3.0 - 1.0.0, iSulad supports CNI 1.0.0 from 2.1.4 version.
- Compatible with lcr 2.1.x and above.
## Kubernetes Support
diff --git a/README_zh.md b/README_zh.md
index 5db28f3a..45ac66ac 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -224,7 +224,7 @@ $ sudo isula rm test
`iSulad` 能够兼容的标准规范版本如下:
- 兼容 1.0.0 版本的OCI
-- 兼容 0.3.0 版本以上的CNI
+- 兼容 0.3.0-1.0.0 版本的CNIiSulad从2.1.4版本后支持 CNI 1.0.0版本
- 兼容 2.1.x 版本以上的lcr
## Kubernetes Support
diff --git a/docs/design/README.md b/docs/design/README.md
index d2a3702d..c171cb20 100644
--- a/docs/design/README.md
+++ b/docs/design/README.md
@@ -43,6 +43,8 @@ This section contains some design documents for users who want to learn more abo
- You can see how the cni operator modules are designed in [cni_operator_design](./detailed/Network/cni_operator_design.md).
+- You can see how the cni operator modules update to CNI v1.0.0 in [cni_1.0.0_change](./detailed/Network/cni_1.0.0_change.md)。
+
- You can see how the CRI adapter modules are designed in [CRI_adapter_design](./detailed/Network/CRI_adapter_design.md).
- You can see how the native network adapter modules are designed in [native_network_adapter_design](./detailed/Network/native_network_adapter_design.md).
diff --git a/docs/design/README_zh.md b/docs/design/README_zh.md
index c6172b6f..0f4cf13e 100644
--- a/docs/design/README_zh.md
+++ b/docs/design/README_zh.md
@@ -49,6 +49,8 @@
- 查看 cni operator 模块的设计文档: [cni_operator_design](./detailed/Network/cni_operator_design_zh.md) 。
+- 查看 cni operator 模块升级到CNI v1.0.0的设计文档: [cni_1.0.0_change](./detailed/Network/cni_1.0.0_change.md) 。
+
- 查看 CRI adapter 模块的设计文档: [CRI_adapter_design](./detailed/Network/CRI_adapter_design_zh.md) 。
- 查看 native network adapter 模块的设计文档: [native_network_adapter_design](./detailed/Network/native_network_adapter_design_zh.md) 。
--
2.25.1


@ -0,0 +1,100 @@
From 3b0f34c7cd55686cf18f65efbdc0be8a84f13e3e Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Mon, 20 May 2024 17:54:04 +1400
Subject: [PATCH 090/108] modify the user error log to be the same as before
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/id_name_manager.c | 4 +--
.../executor/container_cb/execution_create.c | 26 +++++++++++--------
.../container_cb/execution_information.c | 4 ++-
3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/daemon/common/id_name_manager.c b/src/daemon/common/id_name_manager.c
index 263a584d..f64094b9 100644
--- a/src/daemon/common/id_name_manager.c
+++ b/src/daemon/common/id_name_manager.c
@@ -242,7 +242,7 @@ static bool try_add_name(const char *name)
}
if (!util_valid_container_name(name)) {
- ERROR("Failed to add invalid name: %s", name);
+ ERROR("Invalid container name (%s), only [a-zA-Z0-9][a-zA-Z0-9_.-]+$ are allowed.", name);
return false;
}
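Review bot: `name` has just failed `util_valid_container_name`, so it can hold arbitrary bytes, and the new `ERROR(...)` line still writes it to the daemon log with a bare `%s`. Unless the logging macro escapes control characters, an embedded newline in a client-supplied name can produce misleading log lines. Escaping and truncating the value before logging, or logging only its length, would close that; the same applies to the identical line in `try_remove_name` in the next hunk. The character class is also hard-coded in both messages and can drift from the pattern `util_valid_container_name` actually enforces. Both function bodies start and end outside the hunks.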
@@ -262,7 +262,7 @@ static bool try_remove_name(const char *name)
}
if (!util_valid_container_name(name)) {
- ERROR("Failed to remove invalid name: %s", name);
+ ERROR("Invalid container name (%s), only [a-zA-Z0-9][a-zA-Z0-9_.-]+$ are allowed.", name);
return false;
}
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 785b4e27..041089dd 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -761,8 +761,17 @@ static int maintain_container_id(const container_create_request *request, char *
#endif
if (!nret) {
- ERROR("Failed to add entry to id name manager with new id and name");
- isulad_set_error_message("Failed to add entry to id name manager with new id and name");
+ __isula_auto_free char *used_id = NULL;
+ used_id = container_name_index_get(name);
+ if(used_id != NULL) {
+ ERROR("Name %s is in use by container %s", name, used_id);
+ isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
+ "You have to remove (or rename) that container to be able to reuse that name.",
+ name, used_id);
+ } else {
+ ERROR("Failed to add entry to id name manager with new id and name");
+ isulad_set_error_message("Failed to add entry to id name manager with new id and name");
+ }
ret = -1;
goto out;
}
@@ -775,19 +784,14 @@ static int maintain_container_id(const container_create_request *request, char *
goto out;
}
- char *used_id = NULL;
- used_id = container_name_index_get(name);
- ERROR("Name %s is in use by container %s", name, used_id);
- isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
- "You have to remove (or rename) that container to be able to reuse that name.",
- name, used_id);
- free(used_id);
- used_id = NULL;
- ret = -1;
if (!skip_id_name_manage && !id_name_manager_remove_entry(id, name)) {
WARN("Failed to remove %s and %s from id name manager", id, name);
}
+ ERROR("Failed to add %s to container name index", name);
+ isulad_set_error_message("Failed to add %s to container name index", name);
+ ret = -1;
+
out:
*out_id = id;
*out_name = name;
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index c02cc830..58924257 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -1149,7 +1149,9 @@ static int container_rename(container_t *cont, const char *new_name)
if (!id_name_manager_rename(new_name, old_name)) {
ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name);
- isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name);
+ isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
+ "You have to remove (or rename) that container to be able to reuse that name.",
+ new_name, new_name);
ret = -1;
goto out;
}
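Review bot: The new conflict message passes `new_name` for both `%s` arguments, so "already in use by container %s" prints the requested name where the owning container's id belongs. It is also emitted for every failure of `id_name_manager_rename`, including failures that are not a name collision. Looking the owner up the way `maintain_container_id` does in this same patch, and falling back to the previous message when no owner is found, keeps the wording accurate. This assumes `container_name_index_get` is visible in this file. `container_rename` starts and ends outside the hunk.

```c
    if (!id_name_manager_rename(new_name, old_name)) {
        char *used_id = container_name_index_get(new_name);
        ERROR("Failed to rename %s to %s in id-name manager", old_name, new_name);
        if (used_id != NULL) {
            isulad_set_error_message("Conflict. The name \"%s\" is already in use by container %s. "
                                     "You have to remove (or rename) that container to be able to reuse that name.",
                                     new_name, used_id);
        } else {
            isulad_set_error_message("Failed to rename %s to %s in id-name manager", old_name, new_name);
        }
        free(used_id);
        /* … unchanged: ret = -1; goto out; … */
```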
--
2.25.1


@ -0,0 +1,54 @@
From 1f69ffe589f7225a1db83377e276ddbab963bd16 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 21 May 2024 01:13:08 +0000
Subject: [PATCH 091/108] add enable cri v1 in k8s integration
Signed-off-by: jikai <jikai11@huawei.com>
---
docs/manual/k8s_integration.md | 9 +++++++++
docs/manual/k8s_integration_zh.md | 9 +++++++++
2 files changed, 18 insertions(+)
diff --git a/docs/manual/k8s_integration.md b/docs/manual/k8s_integration.md
index 8fcd0a54..14de0ef4 100644
--- a/docs/manual/k8s_integration.md
+++ b/docs/manual/k8s_integration.md
@@ -20,6 +20,15 @@
if `hosts` is not configured, the default endpoint is `unix:///var/run/isulad.sock`.
+ `iSulad` supports both `CRI V1alpha2` and `CRI V1`, and uses `CRI V1alph2` by default.
+ If `CRI V1` is required, it can be configured in `/etc/isulad/daemon.json` to enable `CRI V1`:
+
+ ```json
+ "enable-cri-v1": true,
+ ```
+
+ If `iSulad` is compiled from source codes, `-D ENABLE_CRI_API_V1=ON` option is required in cmake.
+
2. Restart `isulad`:
```bash
diff --git a/docs/manual/k8s_integration_zh.md b/docs/manual/k8s_integration_zh.md
index 6dda1e4d..26ba6cc4 100644
--- a/docs/manual/k8s_integration_zh.md
+++ b/docs/manual/k8s_integration_zh.md
@@ -20,6 +20,15 @@
如果`hosts`没有配置,默认的`endpoint`为``unix:///var/run/isulad.sock``
+ `iSulad`同时支持`CRI V1alpha2`和`CRI V1`两种`CRI`接口,默认使用`CRI V1alph2`,若需使用`CRI V1`
+ 需要在`/etc/isulad/daemon.json`对`iSulad`进行相关配置,配置方式为:
+
+ ```json
+ "enable-cri-v1": true,
+ ```
+
+ 若使用源码编译`iSulad`还需在编译时增加cmake编译选项`-D ENABLE_CRI_API_V1=ON`。
+
2. 重启`isulad`
```bash
--
2.25.1


@ -0,0 +1,317 @@
From d97656a8b99f4fa95a9c15abfbac777a94b84d55 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 20 May 2024 08:48:00 +0000
Subject: [PATCH 092/108] isolate oom monitor codes
Signed-off-by: jikai <jikai11@huawei.com>
---
cmake/options.cmake | 7 +++++++
src/daemon/common/cgroup/cgroup.c | 2 ++
src/daemon/common/cgroup/cgroup.h | 2 ++
src/daemon/common/cgroup/cgroup_common.h | 4 ++++
src/daemon/common/cgroup/cgroup_v1.c | 8 ++++++++
src/daemon/common/cgroup/cgroup_v2.c | 8 ++++++++
src/daemon/common/cri/v1/v1_cri_helpers.cc | 2 ++
src/daemon/modules/container/container_state.c | 2 ++
.../modules/container/supervisor/supervisor.c | 14 ++++++++++++++
9 files changed, 49 insertions(+)
diff --git a/cmake/options.cmake b/cmake/options.cmake
index a15b8194..5b17f631 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -58,6 +58,13 @@ if (ENABLE_SANDBOXER STREQUAL "ON")
message("${Green}-- Enable sandbox API${ColourReset}")
endif()
+option(ENABLE_OOM_MONITOR "Enable oom monitor" ON)
+IF (ENABLE_OOM_MONITOR STREQUAL "ON")
+ add_definitions(-DENABLE_OOM_MONITOR)
+ set(ENABLE_OOM_MONITOR 1)
+ message("${Green}-- Enable oom monitor${ColourReset}")
+endif()
+
option(ENABLE_SYSTEMD_NOTIFY "Enable systemd notify" ON)
if (ENABLE_SYSTEMD_NOTIFY STREQUAL "ON")
add_definitions(-DSYSTEMD_NOTIFY)
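Review bot: The new block opens with upper-case `IF (` but closes with lower-case `endif()`, while the neighbouring options visible in this hunk use `if (`; CMake accepts both, but the lower-case form matches the file. `option(ENABLE_OOM_MONITOR "Enable oom monitor" ON)` followed by `set(ENABLE_OOM_MONITOR 1)` also shadows the cache value with a normal variable, so a later `STREQUAL "ON"` test on it would be false. It is worth confirming that nothing downstream relies on that comparison.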
diff --git a/src/daemon/common/cgroup/cgroup.c b/src/daemon/common/cgroup/cgroup.c
index 71bf9801..77fafdae 100644
--- a/src/daemon/common/cgroup/cgroup.c
+++ b/src/daemon/common/cgroup/cgroup.c
@@ -197,6 +197,7 @@ char *common_convert_cgroup_path(const char *cgroup_path)
return util_strdup_s(result);
}
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path,
const char *exit_fifo)
{
@@ -225,3 +226,4 @@ void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info)
free(info->cgroup_memory_event_path);
free(info);
}
+#endif
diff --git a/src/daemon/common/cgroup/cgroup.h b/src/daemon/common/cgroup/cgroup.h
index 0bbb70a0..1ebbfa98 100644
--- a/src/daemon/common/cgroup/cgroup.h
+++ b/src/daemon/common/cgroup/cgroup.h
@@ -43,9 +43,11 @@ char *common_get_own_cgroup_path(const char *subsystem);
char *common_convert_cgroup_path(const char *cgroup_path);
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *common_get_cgroup_oom_handler(int fd, const char *name, const char *cgroup_path,
const char *exit_fifo);
void common_free_cgroup_oom_handler_info(cgroup_oom_handler_info_t *info);
+#endif
#ifdef __cplusplus
}
diff --git a/src/daemon/common/cgroup/cgroup_common.h b/src/daemon/common/cgroup/cgroup_common.h
index 46a7de50..01fc669c 100644
--- a/src/daemon/common/cgroup/cgroup_common.h
+++ b/src/daemon/common/cgroup/cgroup_common.h
@@ -116,6 +116,7 @@ typedef struct {
cgroup_pids_metrics_t cgpids_metrics;
} cgroup_metrics_t;
+#ifdef ENABLE_OOM_MONITOR
#define CGROUP_OOM_HANDLE_CONTINUE false
#define CGROUP_OOM_HANDLE_CLOSE true
@@ -126,6 +127,7 @@ typedef struct _cgroup_oom_handler_info_t {
char *cgroup_memory_event_path;
bool (*oom_event_handler)(int, void *);
} cgroup_oom_handler_info_t;
+#endif
typedef struct {
int (*get_cgroup_version)(void);
@@ -140,8 +142,10 @@ typedef struct {
char *(*get_init_cgroup_path)(const char *subsystem);
char *(*get_own_cgroup_path)(const char *subsystem);
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *(*get_cgroup_oom_handler)(int fd, const char *name, const char *cgroup_path,
const char *exit_fifo);
+#endif
} cgroup_ops;
#ifdef __cplusplus
diff --git a/src/daemon/common/cgroup/cgroup_v1.c b/src/daemon/common/cgroup/cgroup_v1.c
index 45b1d096..018336ea 100644
--- a/src/daemon/common/cgroup/cgroup_v1.c
+++ b/src/daemon/common/cgroup/cgroup_v1.c
@@ -20,12 +20,16 @@
#include <stdio.h>
#include <stdlib.h>
+#ifdef ENABLE_OOM_MONITOR
#include <sys/eventfd.h>
+#endif
#include "utils.h"
#include "sysinfo.h"
#include "err_msg.h"
+#ifdef ENABLE_OOM_MONITOR
#include "events_sender_api.h"
+#endif
#define CGROUP_HUGETLB_LIMIT "hugetlb.%s.limit_in_bytes"
#define CGROUP_MOUNT_PATH_PREFIX "/sys/fs/cgroup/"
@@ -1052,6 +1056,7 @@ static char *common_get_cgroup_path(const char *path, const char *subsystem)
return res;
}
+#ifdef ENABLE_OOM_MONITOR
static bool oom_cb_cgroup_v1(int fd, void *cbdata)
{
cgroup_oom_handler_info_t *info = (cgroup_oom_handler_info_t *)cbdata;
@@ -1205,6 +1210,7 @@ cleanup:
common_free_cgroup_oom_handler_info(info);
return NULL;
}
+#endif
char *get_init_cgroup_path_v1(const char *subsystem)
{
@@ -1232,6 +1238,8 @@ int cgroup_v1_ops_init(cgroup_ops *ops)
ops->get_cgroup_mnt_and_root_path = get_cgroup_mnt_and_root_path_v1;
ops->get_init_cgroup_path = get_init_cgroup_path_v1;
ops->get_own_cgroup_path = get_own_cgroup_v1;
+#ifdef ENABLE_OOM_MONITOR
ops->get_cgroup_oom_handler = get_cgroup_oom_handler_v1;
+#endif
return 0;
}
\ No newline at end of file
diff --git a/src/daemon/common/cgroup/cgroup_v2.c b/src/daemon/common/cgroup/cgroup_v2.c
index 76754dc1..ce72e6c4 100644
--- a/src/daemon/common/cgroup/cgroup_v2.c
+++ b/src/daemon/common/cgroup/cgroup_v2.c
@@ -17,14 +17,18 @@
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
+#ifdef ENABLE_OOM_MONITOR
#include <sys/inotify.h>
+#endif
#include <isula_libutils/auto_cleanup.h>
#include "utils.h"
#include "path.h"
#include "sysinfo.h"
+#ifdef ENABLE_OOM_MONITOR
#include "events_sender_api.h"
+#endif
// Cgroup V2 Item Definition
#define CGROUP2_CPU_WEIGHT "cpu.weight"
@@ -416,6 +420,7 @@ static int get_cgroup_mnt_and_root_v2(const char *subsystem, char **mountpoint,
return 0;
}
+#ifdef ENABLE_OOM_MONITOR
static bool oom_cb_cgroup_v2(int fd, void *cbdata)
{
const size_t events_size = sizeof(struct inotify_event) + NAME_MAX + 1;
@@ -547,6 +552,7 @@ cleanup:
common_free_cgroup_oom_handler_info(info);
return NULL;
}
+#endif
int get_cgroup_version_v2()
{
@@ -562,6 +568,8 @@ int cgroup_v2_ops_init(cgroup_ops *ops)
ops->get_cgroup_info = get_cgroup_info_v2;
ops->get_cgroup_metrics = get_cgroup_metrics_v2;
ops->get_cgroup_mnt_and_root_path = get_cgroup_mnt_and_root_v2;
+#ifdef ENABLE_OOM_MONITOR
ops->get_cgroup_oom_handler = get_cgroup_oom_handler_v2;
+#endif
return 0;
}
\ No newline at end of file
diff --git a/src/daemon/common/cri/v1/v1_cri_helpers.cc b/src/daemon/common/cri/v1/v1_cri_helpers.cc
index 478dd105..31b6b137 100644
--- a/src/daemon/common/cri/v1/v1_cri_helpers.cc
+++ b/src/daemon/common/cri/v1/v1_cri_helpers.cc
@@ -517,9 +517,11 @@ void UpdateBaseStatusFromInspect(
} else { // Case 3
state = runtime::v1::CONTAINER_CREATED;
}
+#ifdef ENABLE_OOM_MONITOR
if (inspect->state->oom_killed == true) {
reason = "OOMKilled";
}
+#endif
if (inspect->state->error != nullptr) {
message = inspect->state->error;
}
diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c
index 452a2b26..f8ad0537 100644
--- a/src/daemon/modules/container/container_state.c
+++ b/src/daemon/modules/container/container_state.c
@@ -587,7 +587,9 @@ container_inspect_state *container_state_to_inspect_state(container_state_t *s)
state->running = s->state->running;
state->paused = s->state->paused;
state->restarting = s->state->restarting;
+#ifdef ENABLE_OOM_MONITOR
state->oom_killed = s->state->oom_killed;
+#endif
state->pid = s->state->pid;
state->exit_code = s->state->exit_code;
diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c
index 39d9fdb8..294783eb 100644
--- a/src/daemon/modules/container/supervisor/supervisor.c
+++ b/src/daemon/modules/container/supervisor/supervisor.c
@@ -42,8 +42,10 @@
#ifdef ENABLE_CRI_API_V1
#include "sandbox_ops.h"
#endif
+#ifdef ENABLE_OOM_MONITOR
#include "cgroup.h"
#include "specs_api.h"
+#endif
pthread_mutex_t g_supervisor_lock = PTHREAD_MUTEX_INITIALIZER;
struct epoll_descr g_supervisor_descr;
@@ -286,6 +288,7 @@ static int supervisor_exit_cb(int fd, uint32_t events, void *cbdata, struct epol
return EPOLL_LOOP_HANDLE_CONTINUE;
}
+#ifdef ENABLE_OOM_MONITOR
static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_descr *descr)
{
cgroup_oom_handler_info_t *oom_handler_info = (cgroup_oom_handler_info_t *)cbdata;
@@ -305,6 +308,7 @@ static int oom_handle_cb(int fd, uint32_t events, void *cbdata, struct epoll_des
return EPOLL_LOOP_HANDLE_CONTINUE;
}
+#endif
/* supervisor add exit monitor */
int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const pid_ppid_info_t *pid_info,
@@ -312,8 +316,10 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
{
int ret = 0;
struct supervisor_handler_data *data = NULL;
+#ifdef ENABLE_OOM_MONITOR
cgroup_oom_handler_info_t *oom_handler_info = NULL;
__isula_auto_free char *cgroup_path = NULL;
+#endif
if (fd < 0) {
ERROR("Invalid exit fifo fd");
@@ -326,12 +332,14 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
return -1;
}
+#ifdef ENABLE_OOM_MONITOR
cgroup_path = merge_container_cgroups_path(cont->common_config->id, cont->hostconfig);
if (cgroup_path == NULL) {
ERROR("Failed to get cgroup path");
close(fd);
return -1;
}
+#endif
data = util_common_calloc_s(sizeof(struct supervisor_handler_data));
if (data == NULL) {
@@ -353,9 +361,12 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
data->pid_info.start_time = pid_info->start_time;
data->pid_info.ppid = pid_info->ppid;
data->pid_info.pstart_time = pid_info->pstart_time;
+#ifdef ENABLE_OOM_MONITOR
oom_handler_info = common_get_cgroup_oom_handler(fd, cont->common_config->id, cgroup_path, exit_fifo);
+#endif
supervisor_handler_lock();
+#ifdef ENABLE_OOM_MONITOR
if (oom_handler_info != NULL) {
ret = epoll_loop_add_handler(&g_supervisor_descr, oom_handler_info->oom_event_fd, oom_handle_cb, oom_handler_info);
if (ret != 0) {
@@ -363,6 +374,7 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
goto err;
}
}
+#endif
ret = epoll_loop_add_handler(&g_supervisor_descr, fd, supervisor_exit_cb, data);
if (ret != 0) {
@@ -374,7 +386,9 @@ int container_supervisor_add_exit_monitor(int fd, const char *exit_fifo, const p
err:
supervisor_handler_data_free(data);
+#ifdef ENABLE_OOM_MONITOR
common_free_cgroup_oom_handler_info(oom_handler_info);
+#endif
out:
supervisor_handler_unlock();
return ret;
--
2.25.1


@ -0,0 +1,64 @@
From 0ff5a421e31096fbd10cf00c45a3849297023391 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 23 May 2024 01:09:41 +1400
Subject: [PATCH 093/108] change fork process exit mode
---
src/utils/tar/util_archive.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 52b51162..204dab83 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -897,9 +897,9 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co
child_out:
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
close(pipe_stderr[1]);
pipe_stderr[1] = -1;
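Review bot: The switch from `exit()` to `_exit()` at `child_out` deserves a one-line comment, because nothing in the hunk or the commit message says why the forked child exits differently from the rest of the file. `_exit()` skips the atexit handlers and stdio flushing the child inherited from the parent, so any buffered output the child produced before `child_out` is dropped; the code above the hunk is not visible here, so that is worth confirming. Something like `/* _exit: do not run the parent's atexit handlers or flush its stdio buffers in the forked child */` would do. The same applies to the `child_out` hunks in archive_chroot_tar, archive_chroot_untar_stream and the last hunk of this patch.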
@@ -1342,9 +1342,9 @@ int archive_chroot_tar(const char *path, const char *file, const char *root_dir,
child_out:
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
} else {
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
}
close(pipe_for_read[1]);
@@ -1577,9 +1577,9 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha
child_out:
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
}
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
close(pipe_stderr[1]);
@@ -1727,9 +1727,9 @@ child_out:
free(tar_base_name);
if (ret != 0) {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
} else {
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
}
}
--
2.25.1


@ -0,0 +1,26 @@
From 1671a136d1b7d209c453a8ad2b1bf062a3afbe09 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 28 May 2024 17:23:45 +1400
Subject: [PATCH 094/108] fix error log for verify_cpu_realtime
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/modules/spec/verify.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c
index 57e16ef9..1ce76c1d 100644
--- a/src/daemon/modules/spec/verify.c
+++ b/src/daemon/modules/spec/verify.c
@@ -390,7 +390,7 @@ static int verify_cpu_realtime(const sysinfo_t *sysinfo, int64_t realtime_period
if (realtime_runtime != 0 && !(sysinfo->cgcpuinfo.cpu_rt_runtime)) {
ERROR("Invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime");
- isulad_set_error_message("Invalid --cpu-rt-period: Your kernel does not support cgroup rt runtime");
+ isulad_set_error_message("Invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime");
ret = -1;
goto out;
}
--
2.25.1


@ -0,0 +1,54 @@
From e2a7e6bfb0f0e97e5e1543fac7a5e0807fadaba0 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 30 May 2024 16:50:56 +0800
Subject: [PATCH 095/108] bugfix: change max network name len
Signed-off-by: liuxu <liuxu156@huawei.com>
---
docs/design/detailed/Network/native_network_adapter_design.md | 2 +-
.../design/detailed/Network/native_network_adapter_design_zh.md | 2 +-
src/utils/cutils/utils.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/design/detailed/Network/native_network_adapter_design.md b/docs/design/detailed/Network/native_network_adapter_design.md
index b58989eb..1010bd73 100644
--- a/docs/design/detailed/Network/native_network_adapter_design.md
+++ b/docs/design/detailed/Network/native_network_adapter_design.md
@@ -204,7 +204,7 @@ Client:
1. Parse the parameters passed in by the user.
2. Verify the incoming parameters, including:
- Only one network is allowed to be created at a time, that is, at most one name can be specified.
- - If name is specified, check whether the length of name exceeds MAX_NETWORK_NAME_LEN(128).
+ - If name is specified, check whether the length of name exceeds MAX_NETWORK_NAME_LEN(255).
3. Send the request to the server
Server:
diff --git a/docs/design/detailed/Network/native_network_adapter_design_zh.md b/docs/design/detailed/Network/native_network_adapter_design_zh.md
index 30860f3d..62c4b6ef 100644
--- a/docs/design/detailed/Network/native_network_adapter_design_zh.md
+++ b/docs/design/detailed/Network/native_network_adapter_design_zh.md
@@ -204,7 +204,7 @@ int native_network_add_container_list(const char *network_name, const char *cont
1. 解析用户传入的参数
2. 对传入的参数进行校验,包括
- 每次只允许创建一个网络, 即最多指定一个name
- - 若指定name检查name长度是否超过MAX_NETWORK_NAME_LEN(128)
+ - 若指定name检查name长度是否超过MAX_NETWORK_NAME_LEN(255)
3. 发送请求到服务端
服务端:
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index 3671272a..4417a165 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -99,7 +99,7 @@ int malloc_trim(size_t pad);
#define MAX_IMAGE_REF_LEN 384
#define MAX_CONTAINER_NAME_LEN 1024
#define MAX_RUNTIME_NAME_LEN 32
-#define MAX_NETWORK_NAME_LEN 128
+#define MAX_NETWORK_NAME_LEN 255
#define LOGIN_USERNAME_LEN 255
#define LOGIN_PASSWORD_LEN 255
--
2.25.1


@ -0,0 +1,26 @@
From b36cfa4325f43b3fa1468ba360b3d51f6ef1c3ca Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Thu, 30 May 2024 17:14:48 +0800
Subject: [PATCH 096/108] del useless info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
release_notes | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/release_notes b/release_notes
index 2d564c7e..fdcd3690 100644
--- a/release_notes
+++ b/release_notes
@@ -72,7 +72,7 @@
dev stats:
- 357 files changed, 7886 insertions(+), 2849 deletions(-)
- - contributors: zhongtao, jikai, haozi007, jake, liuxu, xuxuepeng, zhangxiaoyu, sailorvii, chen524, dreamloy, l00804245, yangjiaqi
+ - contributors: zhongtao, jikai, haozi007, jake, liuxu, xuxuepeng, zhangxiaoyu, sailorvii, chen524, dreamloy, yangjiaqi
2023-11-07 xuepengxu release 2.1.4
- !2238 modify the default value of EANBLE_IMAGE_LIBARAY to off * modify the default value of EANBLE_IMAGE_LIBARAY to off
--
2.25.1

83
0097-code-improve.patch Normal file

@ -0,0 +1,83 @@
From 2aa26649f20ae5992ace7bb8cb62a5ee9c3f7a81 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Thu, 30 May 2024 21:30:43 +1400
Subject: [PATCH 097/108] code improve
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/cmd/isula/volume/prune.c | 2 +-
src/cmd/options/opt_log.c | 2 +-
src/daemon/executor/container_cb/execution_extend.c | 3 ++-
src/daemon/executor/container_cb/execution_information.c | 2 +-
src/daemon/modules/image/oci/registry_type.c | 2 +-
5 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/cmd/isula/volume/prune.c b/src/cmd/isula/volume/prune.c
index c8d632ed..3b5bfbf1 100644
--- a/src/cmd/isula/volume/prune.c
+++ b/src/cmd/isula/volume/prune.c
@@ -79,7 +79,7 @@ out:
int cmd_volume_prune_main(int argc, const char **argv)
{
- int i = 0;
+ size_t i = 0;
struct isula_libutils_log_config lconf = { 0 };
int exit_code = 1;
command_t cmd;
diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c
index b1abcfaf..8ffb9966 100644
--- a/src/cmd/options/opt_log.c
+++ b/src/cmd/options/opt_log.c
@@ -67,7 +67,7 @@ static int log_opt_syslog_facility(const char *key, const char *value, char **pa
"authpriv", "ftp", "local0", "local1", "local2",
"local3", "local4", "local5", "local6", "local7"
};
- int i;
+ size_t i;
size_t f_len = sizeof(facility_values) / sizeof(const char *);
for (i = 0; i < f_len; i++) {
diff --git a/src/daemon/executor/container_cb/execution_extend.c b/src/daemon/executor/container_cb/execution_extend.c
index 52401633..ed072848 100644
--- a/src/daemon/executor/container_cb/execution_extend.c
+++ b/src/daemon/executor/container_cb/execution_extend.c
@@ -990,7 +990,8 @@ out:
static int update_container_unified(const char *id, const host_config *hostconfig, host_config *chostconfig)
{
- int i, cgroup_version;
+ int cgroup_version;
+ size_t i;
if (hostconfig->unified == NULL || hostconfig->unified->len == 0) {
return 0;
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 58924257..4aee3aef 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -244,7 +244,7 @@ static int get_proxy_env(char **proxy, const char *type)
}
*col_pos = '\0';
nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
- if (nret < 0 || nret >= proxy_len) {
+ if (nret < 0 || (size_t)nret >= proxy_len) {
ret = -1;
free(*proxy);
*proxy = NULL;
diff --git a/src/daemon/modules/image/oci/registry_type.c b/src/daemon/modules/image/oci/registry_type.c
index 6c9ff747..7a2c25ed 100644
--- a/src/daemon/modules/image/oci/registry_type.c
+++ b/src/daemon/modules/image/oci/registry_type.c
@@ -59,7 +59,7 @@ void free_layer_blob(layer_blob *layer)
void free_pull_desc(pull_descriptor *desc)
{
- int i = 0;
+ size_t i = 0;
if (desc == NULL) {
return;
--
2.25.1


@ -0,0 +1,33 @@
From 5a5f4879246783932ab620b2461a7cd832ddc1f0 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Fri, 31 May 2024 16:38:26 +0800
Subject: [PATCH 098/108] cdi:add debug info
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/daemon/modules/device/cdi/cdi_cache.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/modules/device/cdi/cdi_cache.c b/src/daemon/modules/device/cdi/cdi_cache.c
index e9a9b804..cd7158dd 100644
--- a/src/daemon/modules/device/cdi/cdi_cache.c
+++ b/src/daemon/modules/device/cdi/cdi_cache.c
@@ -306,6 +306,7 @@ static void refresh_scan_spec_func(struct cdi_scan_fn_maps *scan_fn_maps, const
ERROR("Failed to insert device to devices by name %s", qualified);
goto error_out;
}
+ DEBUG("Add device %s into memory", qualified);
free(qualified);
qualified = NULL;
}
@@ -445,6 +446,7 @@ static int cdi_inject_devices(struct cdi_cache *c, oci_runtime_spec *oci_spec, s
for (i = 0; i < devices->len; i++) {
device = devices->items[i];
+ DEBUG("Search cdi devices %s.", device);
d = map_search(c->devices, (void *)device);
if (d == NULL) {
if (util_append_string_array(unresolved, device) != 0) {
--
2.25.1


@ -0,0 +1,28 @@
From 4a98535064319a9df3143d9c4b397f44fbbb56c5 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 3 Jun 2024 16:11:06 +0800
Subject: [PATCH 099/108] bugfix:cni network name UT
Signed-off-by: liuxu <liuxu156@huawei.com>
---
test/cutils/utils_network/utils_network_ut.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/cutils/utils_network/utils_network_ut.cc b/test/cutils/utils_network/utils_network_ut.cc
index 33eb6eb5..68f6f011 100644
--- a/test/cutils/utils_network/utils_network_ut.cc
+++ b/test/cutils/utils_network/utils_network_ut.cc
@@ -344,8 +344,8 @@ TEST(utils_network, test_net_contain_ip)
TEST(utils_network, test_validate_network_name)
{
ASSERT_EQ(util_validate_network_name(nullptr), false);
- ASSERT_EQ(util_validate_network_name(std::string(128, 'a').c_str()), true);
- ASSERT_EQ(util_validate_network_name(std::string(129, 'a').c_str()), false);
+ ASSERT_EQ(util_validate_network_name(std::string(255, 'a').c_str()), true);
+ ASSERT_EQ(util_validate_network_name(std::string(256, 'a').c_str()), false);
ASSERT_EQ(util_validate_network_name(std::string(".abce").c_str()), false);
}
--
2.25.1


@ -0,0 +1,40 @@
From 7bf26415fcba090e281324ba92f7d7e6487b94fc Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Tue, 4 Jun 2024 16:30:19 +0800
Subject: [PATCH 100/108] bugfix:malloc right type size
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/client/connect/rest/rest_volumes_client.c | 2 +-
src/daemon/modules/service/service_network.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/client/connect/rest/rest_volumes_client.c b/src/client/connect/rest/rest_volumes_client.c
index 88254e6c..2327c28e 100644
--- a/src/client/connect/rest/rest_volumes_client.c
+++ b/src/client/connect/rest/rest_volumes_client.c
@@ -251,7 +251,7 @@ static int prune_request_to_rest(const struct isula_prune_volume_request *reques
parser_error err = NULL;
int ret = 0;
- nrequest = util_common_calloc_s(sizeof(volume_list_volume_request));
+ nrequest = util_common_calloc_s(sizeof(volume_prune_volume_request));
if (nrequest == NULL) {
ERROR("Out of memory");
return -1;
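Review bot: The corrected `sizeof(volume_prune_volume_request)` still spells the type out by hand, which is how the wrong size got here in the first place. Taking the size from the pointer keeps the allocation tied to the declaration: `nrequest = util_common_calloc_s(sizeof(*nrequest));`, and likewise `util_common_calloc_s(sizeof(*list))` for `list` in build_attach_networks in service_network.c (this assumes both are declared as pointers to the intended type; the declarations are outside the hunks). An undersized allocation of this kind becomes an out-of-bounds heap write as soon as a later field is touched. It is worth searching for other `calloc_s(sizeof(<type>))` calls where the named type differs from the assigned pointer.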
diff --git a/src/daemon/modules/service/service_network.c b/src/daemon/modules/service/service_network.c
index 6754cf1a..fe6dbf1d 100644
--- a/src/daemon/modules/service/service_network.c
+++ b/src/daemon/modules/service/service_network.c
@@ -74,7 +74,7 @@ static struct attach_net_conf_list *build_attach_networks(const defs_map_string_
return NULL;
}
- list = (struct attach_net_conf_list *)util_common_calloc_s(sizeof(struct attach_net_conf));
+ list = (struct attach_net_conf_list *)util_common_calloc_s(sizeof(struct attach_net_conf_list));
if (list == NULL) {
ERROR("Out of memory");
return NULL;
--
2.25.1


@ -0,0 +1,26 @@
From 60a2b15e0090018b7850b37369964bf62e253419 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 5 Jun 2024 02:07:23 +0000
Subject: [PATCH 101/108] use isula_clean_path rather than realpath
Signed-off-by: jikai <jikai11@huawei.com>
---
src/cmd/isulad-shim/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 18fae03f..dd41c77f 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -489,7 +489,7 @@ static bool attach_fifopath_security_check(process_t *p, const char *fifopath)
return false;
}
- if (realpath(fifopath, real_path) == NULL) {
+ if (isula_clean_path(fifopath, real_path, sizeof(real_path)) == NULL) {
ERROR("Failed to get realpath for '%s': %d.", real_path, SHIM_SYS_ERR(errno));
return false;
}
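Review bot: Replacing `realpath()` with `isula_clean_path()` inside attach_fifopath_security_check changes what the check verifies. `realpath()` resolves symbolic links, while a cleaner that only normalises `.`/`..` and slashes does not; the name suggests the latter, so confirm against its implementation. If the checks after this hunk compare `real_path` with an expected directory, a symlinked path component would no longer be examined. The failure branch also still reports `SHIM_SYS_ERR(errno)`, which may be stale for a function that is not shown to set `errno`. Keeping `realpath()` here, or adding an `lstat`-based check on the cleaned result, would preserve the original guarantee; the rest of the function is outside the hunk.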
--
2.25.1


@ -0,0 +1,32 @@
From fa25a8923e47ed6b65e0bcd08954589f5b26092c Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Wed, 5 Jun 2024 02:10:48 +0000
Subject: [PATCH 102/108] fix false engine rootpath reference
Signed-off-by: jikai <jikai11@huawei.com>
---
src/daemon/config/isulad_config.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index 80689bce..d7b54498 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -398,12 +398,12 @@ char *conf_get_sandbox_rootpath(void)
ERROR("Get rootpath failed");
return epath;
}
- if (strlen(rootpath) > (PATH_MAX - strlen(ENGINE_ROOTPATH_NAME)) - 2) {
+ if (strlen(rootpath) > (PATH_MAX - strlen(SANDBOX_ROOTPATH_NAME)) - 2) {
ERROR("Root path is too long");
return epath;
}
// rootpath + "/" + SANDBOX_ROOTPATH_NAME + "/0"
- len = strlen(rootpath) + 1 + strlen(ENGINE_ROOTPATH_NAME) + 1;
+ len = strlen(rootpath) + 1 + strlen(SANDBOX_ROOTPATH_NAME) + 1;
epath = util_smart_calloc_s(sizeof(char), len);
if (epath == NULL) {
ERROR("Out of memory");
--
2.25.1


@ -0,0 +1,25 @@
From 8eea40e09aa34da85cfa191f07cfe7e123c9809d Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 5 Jun 2024 10:18:06 +0800
Subject: [PATCH 103/108] bugfix:add note
Signed-off-by: liuxu <liuxu156@huawei.com>
---
src/utils/cutils/utils_array.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/cutils/utils_array.h b/src/utils/cutils/utils_array.h
index 0c4fd217..553c2c13 100644
--- a/src/utils/cutils/utils_array.h
+++ b/src/utils/cutils/utils_array.h
@@ -30,6 +30,7 @@ void util_free_array_by_len(char **array, size_t len);
void util_free_array(char **array);
+// this function just copies the first len elements of array and does not automatically add NULL element in the end.
char **util_copy_array_by_len(char **array, size_t len);
int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size,
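Review bot: The new comment says the copy is not NULL-terminated but stops short of telling callers what that means for them. A result of util_copy_array_by_len must not be passed to code that walks the array until a NULL element. Assuming util_free_array does so (its body is not visible here), the result should be released with util_free_array_by_len using the same `len`. I would extend the comment to `// Copies exactly len elements; the result is NOT NULL-terminated, so keep len and free it with util_free_array_by_len().`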
--
2.25.1


@ -0,0 +1,64 @@
From 174f7d9d959bd129675651ccf7ef460794188b63 Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Wed, 5 Jun 2024 10:40:22 +0800
Subject: [PATCH 104/108] bugfix:adapt network name max len
Signed-off-by: liuxu <liuxu156@huawei.com>
---
CI/test_cases/network_cases/network_create.sh | 5 +++--
src/utils/cutils/utils.h | 7 ++++++-
test/cutils/utils_network/utils_network_ut.cc | 4 ++--
3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/CI/test_cases/network_cases/network_create.sh b/CI/test_cases/network_cases/network_create.sh
index 3107da12..da54fdd0 100755
--- a/CI/test_cases/network_cases/network_create.sh
+++ b/CI/test_cases/network_cases/network_create.sh
@@ -33,8 +33,9 @@ function test_network_create()
local name1="cni1"
local name2="cni2"
local name3="a"
- for i in $(seq 1 7);do
- name3=${name3}${name3}
+ local basechar="a"
+ for i in $(seq 1 199);do
+ name3=${name3}${basechar}
done
local name4=${name3}b
local invalid_name=".xx"
diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h
index 4417a165..ce0ca703 100644
--- a/src/utils/cutils/utils.h
+++ b/src/utils/cutils/utils.h
@@ -99,7 +99,12 @@ int malloc_trim(size_t pad);
#define MAX_IMAGE_REF_LEN 384
#define MAX_CONTAINER_NAME_LEN 1024
#define MAX_RUNTIME_NAME_LEN 32
-#define MAX_NETWORK_NAME_LEN 255
+/*
+ * Linux limits the length of the file name to 255,
+ * isulad will create file by name "${ISULAD_CNI_NETWORK_CONF_FILE_PRE}${network_name}.conflist"
+ * when create native network,so we limit the length of the network name to 200.
+ */
+#define MAX_NETWORK_NAME_LEN 200
#define LOGIN_USERNAME_LEN 255
#define LOGIN_PASSWORD_LEN 255
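Review bot: The value 200 is worked out by hand from the 255-byte file-name limit, the `ISULAD_CNI_NETWORK_CONF_FILE_PRE` prefix and the `.conflist` suffix, and nothing enforces that relationship if the prefix ever grows. With `.conflist` taking 9 bytes, the prefix has to stay within 46 bytes. A compile-time check next to the prefix definition would pin this, if the build allows C11: `_Static_assert(sizeof(ISULAD_CNI_NETWORK_CONF_FILE_PRE) - 1 + MAX_NETWORK_NAME_LEN + sizeof(".conflist") - 1 <= NAME_MAX, "network conf file name too long");`. That assumes the prefix is a string-literal macro, which the hunk does not show. The comment could also state that the limit is counted in bytes.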
diff --git a/test/cutils/utils_network/utils_network_ut.cc b/test/cutils/utils_network/utils_network_ut.cc
index 68f6f011..be85e398 100644
--- a/test/cutils/utils_network/utils_network_ut.cc
+++ b/test/cutils/utils_network/utils_network_ut.cc
@@ -344,8 +344,8 @@ TEST(utils_network, test_net_contain_ip)
TEST(utils_network, test_validate_network_name)
{
ASSERT_EQ(util_validate_network_name(nullptr), false);
- ASSERT_EQ(util_validate_network_name(std::string(255, 'a').c_str()), true);
- ASSERT_EQ(util_validate_network_name(std::string(256, 'a').c_str()), false);
+ ASSERT_EQ(util_validate_network_name(std::string(200, 'a').c_str()), true);
+ ASSERT_EQ(util_validate_network_name(std::string(201, 'a').c_str()), false);
ASSERT_EQ(util_validate_network_name(std::string(".abce").c_str()), false);
}
--
2.25.1


@ -0,0 +1,140 @@
From e6b3528acff10fb2bc62e2da0c3754f1e36cbd54 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 5 Jun 2024 10:04:59 +0800
Subject: [PATCH 105/108] start sandbox before setup network by default
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
src/daemon/common/cri/cri_helpers.cc | 12 +++++++
src/daemon/common/cri/cri_helpers.h | 3 ++
.../cri_pod_sandbox_manager_service.cc | 34 +++++++++++++------
src/daemon/modules/spec/specs.c | 2 +-
src/utils/cutils/utils_file.c | 2 +-
5 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index 68d569cc..8117403c 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -47,6 +47,8 @@ const std::string Constants::DOCKER_IMAGEID_PREFIX { "docker://" };
const std::string Constants::DOCKER_PULLABLE_IMAGEID_PREFIX { "docker-pullable://" };
const std::string Constants::RUNTIME_READY { "RuntimeReady" };
const std::string Constants::NETWORK_READY { "NetworkReady" };
+// Kata 2.x need create network namespace and setup network befoce run podsandbox
+const std::string Constants::NETWORK_SETUP_ANNOTATION_KEY { "cri.sandbox.network.setup.v2" };
const std::string Constants::POD_CHECKPOINT_KEY { "cri.sandbox.isulad.checkpoint" };
const std::string Constants::CONTAINER_TYPE_ANNOTATION_KEY { "io.kubernetes.cri.container-type" };
const std::string Constants::CONTAINER_NAME_ANNOTATION_KEY { "io.kubernetes.cri.container-name" };
@@ -1140,4 +1142,14 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error)
return fmtiSuladOpts(selinuxOpts, securityOptSep);
}
+bool SetupNetworkFirst(const std::map<std::string, std::string> &annotations)
+{
+ auto iter = annotations.find(CRIHelpers::Constants::NETWORK_SETUP_ANNOTATION_KEY);
+ if (iter == annotations.end()) {
+ return false;
+ }
+
+ return iter->second == std::string("true");
+}
+
} // namespace CRIHelpers
diff --git a/src/daemon/common/cri/cri_helpers.h b/src/daemon/common/cri/cri_helpers.h
index 5c450b32..11a80b45 100644
--- a/src/daemon/common/cri/cri_helpers.h
+++ b/src/daemon/common/cri/cri_helpers.h
@@ -49,6 +49,7 @@ public:
static const std::string DOCKER_PULLABLE_IMAGEID_PREFIX;
static const std::string RUNTIME_READY;
static const std::string NETWORK_READY;
+ static const std::string NETWORK_SETUP_ANNOTATION_KEY;
static const std::string POD_CHECKPOINT_KEY;
static const size_t MAX_CHECKPOINT_KEY_LEN { 250 };
static const std::string CONTAINER_TYPE_ANNOTATION_KEY;
@@ -151,6 +152,8 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error) -> s
auto GetlegacySeccompiSuladOpts(const std::string &seccompProfile, Errors &error) -> std::vector<iSuladOpt>;
auto GetSeccompiSuladOptsByPath(const char *dstpath, Errors &error) -> std::vector<iSuladOpt>;
+
+bool SetupNetworkFirst(const std::map<std::string, std::string> &annotations);
}; // namespace CRIHelpers
#endif // DAEMON_ENTRY_CRI_CRI_HELPERS_H
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index af6b5fff..f852f4df 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -655,19 +655,33 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
}
}
- // Step 7: Setup networking for the sandbox.
- SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
- if (error.NotEmpty()) {
- goto cleanup_ns;
- }
+ // Step 7: According to the annotation and network namespace mode,
+ // determine the order of start sandbox and setup network.
+ if (CRIHelpers::SetupNetworkFirst(stdAnnos)) {
+ // Step 7.1: Setup networking for the sandbox, and then start the sandbox container.
+ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
- // Step 8: Start the sandbox container.
- StartSandboxContainer(response_id, error);
- if (error.NotEmpty()) {
- goto cleanup_network;
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ goto cleanup_network;
+ }
+ } else {
+ // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
+
+ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
}
- // Step 9: Save network settings json to disk
+ // Step 8: Save network settings json to disk
if (namespace_is_cni(inspect_data->host_config->network_mode)) {
Errors tmpErr;
UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr);
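Review bot: The Step 7 comment says the order depends on "the annotation and network namespace mode", but the condition in the hunk only consults `CRIHelpers::SetupNetworkFirst(stdAnnos)`; the namespace mode is not read until Step 8. Either drop the namespace-mode wording or add the missing check so the comment matches the code. The ordering is now selected by a pod annotation, which is presumably supplied with the pod spec. The comment should therefore also state that only the exact value `true` for `cri.sandbox.network.setup.v2` selects the network-first path and that every other value falls through to the default. RunPodSandbox starts and ends outside the hunk.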
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 122f9992..f0538e26 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -1601,7 +1601,7 @@ static int merge_share_network_namespace(const oci_runtime_spec *oci_spec, const
int ret = 0;
char *ns_path = NULL;
- if (host_spec->network_mode == NULL) {
+ if (host_spec->network_mode == NULL || strlen(host_spec->network_mode) == 0) {
return 0;
}
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 6fc6852d..90bb156f 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -85,7 +85,7 @@ bool util_file_exists(const char *f)
struct stat buf;
int nret;
- if (f == NULL) {
+ if (f == NULL || strlen(f) == 0) {
return false;
}
--
2.25.1


@ -0,0 +1,28 @@
From f690c9a2dff298b41dc607e4ea6dd09113a322fb Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 6 Jun 2024 02:13:36 +0000
Subject: [PATCH 106/108] Revert "use isula_clean_path rather than realpath"
This reverts commit 60a2b15e0090018b7850b37369964bf62e253419.
Signed-off-by: jikai <jikai11@huawei.com>
---
src/cmd/isulad-shim/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index dd41c77f..18fae03f 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -489,7 +489,7 @@ static bool attach_fifopath_security_check(process_t *p, const char *fifopath)
return false;
}
- if (isula_clean_path(fifopath, real_path, sizeof(real_path)) == NULL) {
+ if (realpath(fifopath, real_path) == NULL) {
ERROR("Failed to get realpath for '%s': %d.", real_path, SHIM_SYS_ERR(errno));
return false;
}
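Review bot: The failure branch logs `real_path`, whose contents are unspecified when `realpath()` returns NULL, so the message can show garbage or an empty string instead of the path that was rejected. Logging the input is what an operator needs when triaging a rejected attach: `ERROR("Failed to get realpath for '%s': %d.", fifopath, SHIM_SYS_ERR(errno));`. The line is unchanged context in this revert, but it sits on the security-check path and is cheap to fix in the same place.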
--
2.25.1


@ -0,0 +1,28 @@
From 63f4f9bc9c36825d85a14f6a33102194d30e12a7 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Fri, 7 Jun 2024 02:24:49 +1400
Subject: [PATCH 107/108] bugfix for start sandbox before setup network by
default
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index f852f4df..bc3f4031 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
@@ -677,6 +677,9 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
if (error.NotEmpty()) {
+ Errors stopError;
+ StopContainerHelper(response_id, stopError);
+ WARN("Error stop container: %s: %s", response_id.c_str(), stopError.GetCMessage());
goto cleanup_ns;
}
}
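Review bot: The `WARN` after `StopContainerHelper` is emitted unconditionally, so a successful stop is still logged as "Error stop container" with an empty message. That is misleading when sandbox start failures are investigated from the log. Guard it with the check the hunk already uses on `error`: `if (stopError.NotEmpty()) { WARN("Error stop container: %s: %s", response_id.c_str(), stopError.GetCMessage()); }`. RunPodSandbox continues outside the hunk.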
--
2.25.1


@ -0,0 +1,59 @@
From d3e7b0b0d19ca4937716d835e3627714157d6cc3 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 11 Jun 2024 17:14:58 +0800
Subject: [PATCH 108/108] skip test rely on docker.io
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
CI/test_cases/image_cases/image_search.sh | 4 +++-
CI/test_cases/image_cases/integration_check.sh | 2 +-
CI/test_cases/image_cases/registry.sh | 5 +++--
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/CI/test_cases/image_cases/image_search.sh b/CI/test_cases/image_cases/image_search.sh
index 11af02f1..4bf0e099 100755
--- a/CI/test_cases/image_cases/image_search.sh
+++ b/CI/test_cases/image_cases/image_search.sh
@@ -76,7 +76,9 @@ function test_image_search()
declare -i ans=0
-test_image_search || ((ans++))
+# unable to pull image from docker.io without agent, skip this test
+# registry API v1 is not implemented in https://3laho3y3.mirror.aliyuncs.com and isula search cannot be tested
+# test_image_search || ((ans++))
show_result ${ans} "${curr_path}/${0}"
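Review bot: With `test_image_search || ((ans++))` commented out, the script reaches `show_result ${ans}` with `ans` still 0 and reports success without running anything. The CI summary therefore no longer shows that search coverage is gone. An explicit marker keeps that visible, for example `echo "SKIP: test_image_search (docker.io unreachable in CI)"` before `show_result`. Alternatively, gate the call on an environment variable so it can be re-enabled where docker.io is reachable. The same applies to the commented-out `isula pull docker.io/library/busybox:latest` in registry.sh.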
diff --git a/CI/test_cases/image_cases/integration_check.sh b/CI/test_cases/image_cases/integration_check.sh
index 6ec3ab52..f340348d 100755
--- a/CI/test_cases/image_cases/integration_check.sh
+++ b/CI/test_cases/image_cases/integration_check.sh
@@ -27,7 +27,7 @@ image="busybox"
function test_image_info()
{
local ret=0
- local uimage="docker.io/library/nats"
+ local uimage="nats"
local test="list && inspect image info test => (${FUNCNAME[@]})"
local lid
local cid
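Review bot: Changing `uimage` from `docker.io/library/nats` to the unqualified `nats` means the registry that serves the image is decided by the daemon's registry and mirror configuration rather than by the test. For a CI job that pulls the image (and, judging by `cid`, probably creates a container from it), I would keep the source explicit and pin the content. For example `local uimage="<registry>/library/nats@sha256:<digest>"`, with placeholder values, so a change in mirror configuration or a re-tagged image cannot silently change what is executed. test_image_info continues outside the hunk, so check whether later assertions compare against the literal `uimage` string.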
diff --git a/CI/test_cases/image_cases/registry.sh b/CI/test_cases/image_cases/registry.sh
index e33983d6..7ea9a0c5 100755
--- a/CI/test_cases/image_cases/registry.sh
+++ b/CI/test_cases/image_cases/registry.sh
@@ -74,8 +74,9 @@ function isula_pull()
isula run --rm -ti busybox echo hello 2>&1 | grep pulling
[[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull missing failed" && ((ret++))
- isula pull docker.io/library/busybox:latest
- [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++))
+ # Unable to pull image from docker.io without agent, skip this test
+ # isula pull docker.io/library/busybox:latest
+ # [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - --pull docker.io/library/busybox:latest failed" && ((ret++))
isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox
fn_check_eq "$?" "0" "isula pull 3laho3y3.mirror.aliyuncs.com/library/busybox"
--
2.25.1


@ -1,5 +1,5 @@
%global _version 2.1.5
%global _release 9
%global _release 10
%global is_systemd 1
%global enable_criv1 1
%global enable_cdi 1
@ -101,6 +101,29 @@ Patch0082: 0082-fix-shim-controller-set-incorrect-sandbox-status-sta.patch
Patch0083: 0083-fix-bug-for-invalid-env-write.patch
Patch0084: 0084-trim-key-value-for-env.patch
Patch0085: 0085-cdi-allow-env-variable-has-an-empty-value.patch
Patch0086: 0086-cdi-test-case-and-gateway.patch
Patch0087: 0087-code-improve.patch
Patch0088: 0088-testcase-close-cdi-testcase.patch
Patch0089: 0089-docs-update-cni-doc.patch
Patch0090: 0090-modify-the-user-error-log-to-be-the-same-as-before.patch
Patch0091: 0091-add-enable-cri-v1-in-k8s-integration.patch
Patch0092: 0092-isolate-oom-monitor-codes.patch
Patch0093: 0093-change-fork-process-exit-mode.patch
Patch0094: 0094-fix-error-log-for-verify_cpu_realtime.patch
Patch0095: 0095-bugfix-change-max-network-name-len.patch
Patch0096: 0096-del-useless-info.patch
Patch0097: 0097-code-improve.patch
Patch0098: 0098-cdi-add-debug-info.patch
Patch0099: 0099-bugfix-cni-network-name-UT.patch
Patch0100: 0100-bugfix-malloc-right-type-size.patch
Patch0101: 0101-use-isula_clean_path-rather-than-realpath.patch
Patch0102: 0102-fix-false-engine-rootpath-reference.patch
Patch0103: 0103-bugfix-add-note.patch
Patch0104: 0104-bugfix-adapt-network-name-max-len.patch
Patch0105: 0105-start-sandbox-before-setup-network-by-default.patch
Patch0106: 0106-Revert-use-isula_clean_path-rather-than-realpath.patch
Patch0107: 0107-bugfix-for-start-sandbox-before-setup-network-by-def.patch
Patch0108: 0108-skip-test-rely-on-docker.io.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -357,6 +380,12 @@ fi
%endif
%changelog
* Tue Jun 11 2024 zhongtao <zhongtao17@huawei.com> - 2.1.5-10
- Type: update
- ID: NA
- SUG: NA
- DESC: code improve and bugfix
* Sat May 11 2024 liuxu <liuxu156@huawei.com> - 2.1.5-9
- Type: update
- ID: NA